<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><DIV>Thanks anton.</DIV>
<DIV>So, I must extract hundreds of pattern manually. :(</DIV>
<DIV> </DIV>
<DIV>Regards</DIV>
<DIV><BR><BR>--- On <B>Fri, 13/8/10, Anton Chuvakin <I><anton@chuvakin.org></I></B> wrote:<BR></DIV>
<BLOCKQUOTE style="BORDER-LEFT: rgb(16,16,255) 2px solid; PADDING-LEFT: 5px; MARGIN-LEFT: 5px"><BR>From: Anton Chuvakin <anton@chuvakin.org><BR>Subject: Re: [syslog-ng] Pattern extraction<BR>To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu><BR>Date: Friday, 13 August, 2010, 7:18 PM<BR><BR>
<DIV class=plainMail>> I dont know how can i extract pattern form logs, I must check every log type separately?, using pattern recognition methods? or using<BR>>pattern database (if exist for all aplication and device)?<BR><BR>Well, this is not just you - it is "you and the rest of the world."<BR>The standard way is pretty much to manually (or with tools - but still<BR>mostly manually) write regular expressions for every distinct log<BR>message type.<BR><BR>--<BR>Dr. Anton Chuvakin<BR>Site: <A href="http://www.chuvakin.org/" target=_blank>http://www.chuvakin.org</A><BR>Blog: <A href="http://www.securitywarrior.org/" target=_blank>http://www.securitywarrior.org</A><BR>LinkedIn: <A href="http://www.linkedin.com/in/chuvakin" target=_blank>http://www.linkedin.com/in/chuvakin</A><BR>Consulting: <A href="http://www.securitywarriorconsulting.com/" target=_blank>http://www.securitywarriorconsulting.com</A><BR>Twitter:
@anton_chuvakin<BR>Google Voice: +1-510-771-7106<BR>______________________________________________________________________________<BR>Member info: <A href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A><BR>Documentation: <A href="http://www.balabit.com/support/documentation/?product=syslog-ng" target=_blank>http://www.balabit.com/support/documentation/?product=syslog-ng</A><BR>FAQ: <A href="http://www.campin.net/syslog-ng/faq.html" target=_blank>http://www.campin.net/syslog-ng/faq.html</A><BR><BR></DIV></BLOCKQUOTE></td></tr></table><br>